This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enterprise console migration

Currently running EC 5.3.1 on an old W2003 server. Would like to migrate endpoint to a new 2012 R2 server. Going back and forth from several migration docs and just starting over from scratch on the new server. Is there anyone who has started over an just re-protected the endpoints? if so, are there any "gotcha's" I haven't found any documentation other than support telling me its ok to do that....but they never give me any specific steps.

I'm not running encryption and not really concerned about losing history if it makes the transition easier.

I also read this statement in the forums which makes no sense:

I called Sophos support about 5 months ago as I had an issue with some machines not updating.  After getting those fixed, I asked about moving to a new server and the tech told me the exact solution you quoted.  Complete uninstall, registry clean and then reinstall on the other one.  



This thread was automatically locked due to age.
Parents
  • Hello nf,

    there's more than one way to skin a cat.

    Installing a blank SEC takes less than one hour, with a restore/migrate of the database it shouldn't take more than two.

    not really concerned about losing history
    History might not be of interest, the database also contains your subscriptions (actually not hard to reenter though), your policies (might be a few, might be many), and the group structure and policy assignments, and last but not least the computers with their group-membership. You can either backup/restore/migrate (it's not rocket science) the database with all this information or you have to re-do and re-type everything (except the computers which could - depending on the path you take - "appear by themselves" in the Unassigned group or have to be discovered/re-protected or by some other means told to re-install). 

    The IMO most important aspect is that your endpoints aren't marooned. Re-protect from the console requires (apart from discover) that the endpoints are online.

    Some possible scenarios (OS already installed on the new server):

    1. Backup and export all necessary data (including the certificate store) on the old server, turn it off. Change name and IP of new to old's values. Import certificates, start SEC installation - if you follow the database import procedure almost everything will be there (and work) when the install is complete, otherwise the endpoints will gradually appear.
    2. Backup and export all necessary data (including the certificate store) on the old server, if you want to migrate the database turn off the Sophos services before the final backup and leave them off. If the new server is ready you could configure the CID(s) on new and trigger a "move" of the endpoints (Windows, possibly Linux) to the new server by changing the updating policies or a temporary (DNS) alias.
    3. Install SEC on new not migrating anything, then re-protect, re-install, or re-direct your endpoints.

    Each has pros and cons, 1. is simple provided everything works (and you can easily change name and IP for a machine). I've left out most details (too many trees and you won't be able see the wood), feel free to ask.

    this statement
    couldn't find it here - anyway, the last sentence doesn't make sense [:)]

    Christian

     

  • Thanks Christian!

    I think I will follow your advice and go with option 1 and follow the "server to server migration guide" for the steps on backing up the DB and restoring. Although I'm not sure what you meant by the certificate store? I don't see that referenced in the guide.  If its related to encryption, we have not used that ...yet.

    One last thing, does it matter that I don't have the Update Manager password?  took over this position from someone and have no idea what they used.

  • First timer to Sophos here also migrating from 5.1 on Win2003 32-bit to Win2012 64-bit. I've downloaded the migration PDF and the steps seem to match well with what I have. The only question I have is regarding what happens when I've stopped the Sophos services to migrate the configuration to the new server. If I hit a snag, or wish to back out, or if re-directing the clients to the new server is going to take a while, is it OK to restart the services on the old server until (a) the new server is fully ready and (b) all the endpoints are using the new server?

  • I recently renewed our Sophos subscription and we received the Update Manager credentials with the licence, so you'll probably find it there.

Reply Children
No Data